BlueHost Hacked by Syrian Electronic Army
It looks like BlueHost’s Twitter account was taken over by the Syrian Electronic Army (SEA) tonight (3/29/2015).
Hacked by @Official_SEA16 for hosting terrorists websites. #SEA #BlueHost #HostMonster #HostGator #JustHost
Hopefully they have not hacked BlueHost’s servers or any of the other EIG hosting brands mentioned in the hacked tweet. Waiting for an official announcement.
3/30/2015: TechWorm confirms that SEA did hack some EIG systems and were able to access local control panels (as shown in the screenshot tweet). http://www.techworm.net/2015/03/syrian-electronic-army-hacks-bluehost-justhost-hostgator-fastdomain-hostmonster.html
When contacted, the SEA spokesperson told TechWorm that they had gained access to all the local-control panels of these hosting companies. The SEA spokesperson said,
“We gained access to all the local-control panels of the hosting companies after establishing 2 VPN connections to both Endurance and Bluehost local networks.”
In one of the tweets, SEA warned the hosting providers that next time they will change their DNS settings.
3/31/2015: International Business Times featured a story about the hacking today which included a response from Endurance International Group. http://www.ibtimes.co.uk/syrian-electronic-army-hacks-hosting-services-supporting-terrorist-websites-1494393
The hackers were able to gain access to the company’s control systems which would have allowed them to cause a huge amount of damage. However, it is unclear just how much damage was caused, and when asked about the attack, Endurance Group simply said:
“On Sunday evening, Bluehost’s Twitter account was compromised for a short period of time. We were able to regain control of that Twitter account within a few hours. We are continuing to investigate this matter, but are viewing this as an unfortunate case of cybervandalism. We have taken all appropriate security measures to ensure that our platform is secure and will continue to conduct a thorough review of this incident.”
Another response from EIG on TheWHIR.com today. http://www.thewhir.com/web-hosting-news/syrian-electronic-army-hacks-endurance-brands
“We are viewing this as an unfortunate case of cybervandalism,” a spokesperson from EIG told the WHIR in an email. “We have taken appropriate measures to ensure that our platform is secure. No customer websites or services were disrupted. We are continuing to conduct a thorough review to ensure that our platform remains secure.”